<clickhouse>
    <auth_use_forwarded_address>true</auth_use_forwarded_address>
    <!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71 -->
    <openSSL>
        <server> <!-- Used for https server AND secure tcp port -->
            <!-- openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt -->
            <certificateFile>/etc/clickhouse-server/config.d/server.crt</certificateFile>
            <privateKeyFile>/etc/clickhouse-server/config.d/server.key</privateKeyFile>
            <verificationMode>none</verificationMode>
            <loadDefaultCAFile>true</loadDefaultCAFile>
            <cacheSessions>true</cacheSessions>
            <disableProtocols>sslv2,sslv3</disableProtocols>
            <preferServerCiphers>true</preferServerCiphers>
        </server>
    </openSSL>

    <listen_host>0.0.0.0</listen_host>

    <protocols>
        <tcp>
            <type>tcp</type>
            <host>0.0.0.0</host>
            <port>9000</port>
            <description>native protocol (tcp)</description>
        </tcp>
        <tcp_secure>
            <type>tls</type>
            <impl>tcp</impl>
            <port>9440</port>
            <description>secure native protocol (tcp_secure)</description>
        </tcp_secure>
        <tcp_endpoint>
            <impl>tcp</impl>
            <host>0.0.0.0</host>
            <port>9001</port>
            <description>native protocol endpoint (tcp)</description>
        </tcp_endpoint>
        <tcp_proxy>
            <type>proxy1</type>
            <impl>tcp</impl>
            <port>9100</port>
            <description>native protocol with PROXYv1 (tcp_proxy)</description>
        </tcp_proxy>
        <http>
            <type>http</type>
            <port>8123</port>
            <description>http protocol</description>
        </http>
        <https>
            <type>tls</type>
            <impl>http</impl>
            <host>0.0.0.0</host>
            <port>8443</port>
            <description>https protocol</description>
        </https>
        <https_endpoint>
            <impl>https</impl>
            <port>8444</port>
            <description>https protocol endpoint</description>
        </https_endpoint>
    </protocols>

    <!--tcp_port>9010</tcp_port--> 

    <validate_tcp_client_information>true</validate_tcp_client_information>
</clickhouse>
